refactor: tie API keys to orgs instead of users #2813

@skeptrunedev

Description

Currently, API keys are only tied to users such that you cannot see any API keys which you did not create. This has some downsides.

  • if an API key leaks and needs to be deleted when the owner is out of office then another user in the org cannot delete it
  • if there's a bug and requests aren't working then it's important that other members of the org can see it exists
  • if someone leaves an org and their account is deleted then all requests using their keys will stop working

Migrating to a model where API keys are tied to orgs instead of users will mitigate these issues. Cookie-based authentication should be required to create API keys for an org and all API keys which are created need to belong to an org.

Functionality for existing API keys which are tied to users cannot break, but they need to be somehow demarcated as "legacy".

Target(s)

server,dashboard

Community channels

Matrix is preferred. Reach out on Discord or Matrix for further assistance.
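
An added sketch of the ownership model described in this issue, not code from the issue or from the project: keys are owned by an org, creation requires a cookie session, and pre-migration keys are marked as legacy. Every type name, function name and id in it is hypothetical.

```rust
// Added illustration; every type and function name here is hypothetical.
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum Owner {
    Org(u32),        // new model: the key belongs to an organization
    LegacyUser(u32), // pre-migration key, still tied to the user who made it
}
enum Auth {
    Cookie { user: u32 }, // interactive dashboard session
    ApiKey,               // request authenticated with an existing API key
}
#[derive(Default)]
struct KeyStore {
    keys: HashMap<u32, Owner>, // key id -> owner
    members: Vec<(u32, u32)>,  // (user id, org id)
    next_id: u32,
}
impl KeyStore {
    fn is_member(&self, user: u32, org: u32) -> bool { self.members.contains(&(user, org)) }
    // Only a cookie session of an org member may mint a key; it always belongs to the org.
    fn create(&mut self, auth: &Auth, org: u32) -> Result<u32, &'static str> {
        let Auth::Cookie { user } = auth else { return Err("cookie authentication required") };
        if !self.is_member(*user, org) { return Err("not a member of this org"); }
        self.next_id += 1;
        self.keys.insert(self.next_id, Owner::Org(org));
        Ok(self.next_id)
    }
    // Any org member can revoke an org key; a legacy key is revocable only by its creator.
    fn delete(&mut self, user: u32, key: u32) -> Result<(), &'static str> {
        let allowed = match self.keys.get(&key) {
            Some(Owner::Org(org)) => self.is_member(user, *org),
            Some(Owner::LegacyUser(owner)) => *owner == user,
            None => return Err("no such key"),
        };
        if allowed { self.keys.remove(&key); Ok(()) } else { Err("forbidden") }
    }
    // Deleting an account drops its memberships and legacy keys; org keys keep working.
    fn remove_user(&mut self, user: u32) {
        self.members.retain(|(u, _)| *u != user);
        self.keys.retain(|_, o| *o != Owner::LegacyUser(user));
    }
}
fn main() {
    let mut s = KeyStore::default();
    s.members.push((1, 10));
    println!("{:?}", s.create(&Auth::Cookie { user: 1 }, 10)); // Ok(1)
    println!("{:?}", s.create(&Auth::ApiKey, 10));
}
```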
